434 Open source projects that are alternatives of or similar to Rta

一款功能强大的漏洞扫描器，子域名爆破使用aioDNS，asyncio异步快速扫描，覆盖目标全方位资产进行批量漏洞扫描，中间件信息收集，自动收集ip代理，探测Waf信息时自动使用来保护本机真实Ip，在本机Ip被Waf杀死后，自动切换代理Ip进行扫描，Waf信息收集(国内外100+款waf信息)包括安全狗，云锁，阿里云，云盾，腾讯云等，提供部分已知waf bypass 方案，中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等)，支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能

A tool to test security of json web token

Powerful Visual Subdomain Enumeration at the Click of a Mouse

Recsech is a tool for doing Footprinting and Reconnaissance on the target web. Recsech collects information such as DNS Information, Sub Domains, HoneySpot Detected, Subdomain takeovers, Reconnaissance On Github and much more you can see in Features in tools .

🎯 XML External Entity (XXE) Injection Payload List

Help building an adaptive and fine-grained pod security policy

This repository created for personal use and added tools from my latest blog post.

Linux vulnerability scanner based on Salt Open and Vulners audit API, with Slack notifications and JIRA integration

Awesome .NET Security Resources

Bandit is a tool designed to find common security issues in Python code.

Continuously monitor your AWS services for configurations that can lead to degradation of confidentiality, integrity or availability. All results will be sent to Security Hub for further aggregation and analysis.

A tool for identifying misconfigured CloudFront domains

Prowler is a security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains more than 200 controls covering CIS, ISO27001, GDPR, HIPAA, SOC2, ENS and other security frameworks.

🛡️ A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH.

ssh mitm server for security audits supporting public key authentication, session hijacking and file manipulation

NERVE Continuous Vulnerability Scanner

Search for Directory Traversal Vulnerabilities

Automated cacert.pem management for PHP projects

Watchdog - A Comprehensive Security Scanning and a Vulnerability Management Tool.

RMIScout uses wordlist and bruteforce strategies to enumerate Java RMI functions and exploit RMI parameter unmarshalling vulnerabilities

Plugin to block compilation when unapproved dependencies are used or code styling does not comply.

A Docker Image For the Open Vulnerability Assessment Scanner (OpenVAS)

This script is designed to help expedite a web application assessment by automating some of the assessment steps (e.g., running nmap, sublist3r, metasploit, etc.)

🎯 HackerTarget ToolKit - Tools And Network Intelligence To Help Organizations With Attack Surface Discovery 🎯

Web Scan Lazy Tools - Python Package

A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.

Fully automated offensive security framework for reconnaissance and vulnerability scanning

Web-based Source Code Vulnerability Scanner

secureCodeBox (SCB) - continuous secure delivery out of the box

🔎 shodansploit > v1.3.0

A Deep Graph-based Toolbox for Fraud Detection

Collaborative malware analysis framework

An automated target reconnaissance pipeline.

👻Impost3r -- A linux password thief

Some of the questions which i was asked when i was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but i felt these questions were important to be asked and some were challenging to answer

A repository for maintaining lists of things like malicious URLs, fake token addresses, and so forth. We love lists.

YARA malware query accelerator (web frontend)

My simple Swiss Army knife for http/https troubleshooting and profiling.

IAST 灰盒扫描工具

HTTP Request Smuggling over HTTP/2 Cleartext (h2c)

Kubernetes RBAC static Analysis & visualisation tool

🔨 Manage your website via terminal

Trojan 🐍 (keylogger, take screenshots, open your webcam) 🔓

Credentials catching honeypot

A list of vulnerabilities or design flaws that Microsoft does not intend to fix. Since the number is growing, I decided to make a list. This list covers only vulnerabilities that came up in July 2021 (and SpoolSample ;-))

Web Application Security Automation Framework which recons the target for various assets to maximize the attack surface for security professionals & bug-hunters

The Staff-Manager App Server for Enterprise Token Safe BOX

Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet

Examples of security features (or mishaps) on web applications -- these are mostly examples and tutorials from the WASEC book.

Secure, Unified, Powerful and Extensible Rust Android Analyzer

A REST API security testing framework.

渗透测试☞经验/思路/总结/想法/笔记

📓 Some notes and impressive articles of Web Security

Stop half-done API specifications! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by validating your API specifications.

Modlishka. Reverse Proxy.

🎯 PHP / ASP - Shell Backdoor List 🎯

Scrape domain names from SSL certificates of arbitrary hosts

国光的手把手带你用 SSRF 打穿内网靶场源码

Next generation web scanner

Awesome Ruby Security resources